Excessive Connections issues

The Far Side · November 2009

I'm on my University's network in my dorm room, and more and more recently, I've been getting throttled to external internet because of

Current Status:Your IP address is in the ResNet Penalty Box because you have exceeded a limit of 3000 connections (flows) to other hosts/sources. To correct this, please reduce the number of active uploads/downloads. Your current status: excessive flows (4824 active flows).

How can I have this many connections? I've scanned my computer for spyware (nothing there), I don't have torrents running, and all I have open is AIM, MSN, Steam, Ventrilo, and Firefox.

What could be causing this?

eternalbl · November 2009

Are you sharing a connection via router with a roommate?

The Far Side · November 2009

Nope, everybody in my flat has their own direct internet connection.

wmelon · November 2009

If you're running windows, you can run netstat -s from a command prompt and it will tell you how many current connections you have open. If it indeed shows that many current connections you can use netstat -ab to get the Process ID of the offending process.

PirateJon · November 2009

Rather than mess with netstat, you can use TCPView. Same info, easier to understand format.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

You can run it right from the browser by going here:
http://live.sysinternals.com/Tcpview.exe

vonPoonBurGer · November 2009

The Far Side wrote: »

I don't have torrents running

Did you have torrents running recently? Firewalls will normally maintain a list of open NAT (network address translation) connections for quite a while; exactly how long depends on the firewall's configuration. Unless the firewall sees a TCP FIN packet on that connection it's kept in the tracking list until the configured timeout is reached. Many torrent clients are notoriously bad at sending FIN packets to close their connections, so if you were torrenting recently and the firewall has a long timeout period then that could easily explain where all those stale connections came from.

If you owned the firewall I'd advise you to reduce the connection timeout to something sane like 10 minutes (I mean really, if a connection hasn't seen a packet in 600 seconds then it's dead, dump it from the list already!). Since you don't have any administrative control in this instance, your best bet if you're torrenting is to reduce the number of connections your client will open. Of course, if you don't run torrents ever then this advice is meaningless. Wmelon & PirateJon's advice should help you find the offending software if that's the case.

The Far Side · November 2009

PirateJon wrote: »

Rather than mess with netstat, you can use TCPView. Same info, easier to understand format.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

You can run it right from the browser by going here:
http://live.sysinternals.com/Tcpview.exe

Okay, I just tried this (when I am not getting any excessive flows errors) and these are my results:

[System Process]:0	TCP	Skynet:49202	localhost:49203	TIME_WAIT	
[System Process]:0	TCP	Skynet:49203	localhost:49202	TIME_WAIT	
[System Process]:0	TCP	skynet.ubc.ca.:51447	a142-231-1-167.deploy.akamaitechnologies.com:http	TIME_WAIT	
AppleMobileDeviceService.exe:1960	TCP	Skynet:27015	Skynet:0	LISTENING	
AppleMobileDeviceService.exe:1960	TCP	Skynet:27015	localhost:49168	ESTABLISHED	
firefox.exe:3284	TCP	Skynet:51451	localhost:51452	ESTABLISHED	
firefox.exe:3284	TCP	Skynet:51452	localhost:51451	ESTABLISHED	
firefox.exe:3284	TCP	skynet.ubc.ca.:51453	pw-in-f100.1e100.net:http	ESTABLISHED	
firefox.exe:3284	TCP	Skynet:51454	localhost:51455	ESTABLISHED	
firefox.exe:3284	TCP	Skynet:51455	localhost:51454	ESTABLISHED	
firefox.exe:3284	TCP	skynet.ubc.ca.:51456	pz-in-f106.1e100.net:http	ESTABLISHED	
firefox.exe:3284	TCP	skynet.ubc.ca.:51457	pz-in-f104.1e100.net:http	ESTABLISHED	
firefox.exe:3284	TCP	skynet.ubc.ca.:51458	pz-in-f100.1e100.net:http	ESTABLISHED	
firefox.exe:3284	TCP	skynet.ubc.ca.:51459	pz-in-f138.1e100.net:http	ESTABLISHED	
firefox.exe:3284	TCP	skynet.ubc.ca.:51460	74.125.15.39:http	ESTABLISHED	
iTunesHelper.exe:3788	TCP	Skynet:49168	localhost:27015	ESTABLISHED	
lsass.exe:664	TCP	Skynet:49155	Skynet:0	LISTENING	
lsass.exe:664	TCPV6	skynet:49155	skynet:0	LISTENING	
mDNSResponder.exe:1984	TCP	Skynet:5354	Skynet:0	LISTENING	
mDNSResponder.exe:1984	UDP	skynet:5353	*:*		
mDNSResponder.exe:1984	UDP	skynet.ubc.ca.:5353	*:*		
mDNSResponder.exe:1984	UDP	Skynet:58621	*:*		
mDNSResponder.exe:1984	UDP	Skynet:60982	*:*		
mDNSResponder.exe:1984	UDPV6	skynet:58622	*:*		
pidgin.exe:4612	TCP	skynet.ubc.ca.:49214	by2msg1010614.gateway.edge.messenger.live.com:msnp	ESTABLISHED	
pidgin.exe:4612	TCP	skynet.ubc.ca.:49216	bos-m024c-sdr2.blue.aol.com:5190	ESTABLISHED	
pidgin.exe:4612	TCP	skynet.ubc.ca.:49218	oam-d05a.blue.aol.com:5190	ESTABLISHED	
pidgin.exe:4612	TCP	skynet.ubc.ca.:49219	buddychat-m02b.blue.aol.com:5190	ESTABLISHED	
pidgin.exe:4612	TCP	skynet.ubc.ca.:51061	205.188.13.32:5190	ESTABLISHED	
pidgin.exe:4612	UDP	Skynet:51330	*:*		
pidgin.exe:4612	UDP	Skynet:51331	*:*		
pidgin.exe:4612	UDP	Skynet:51334	*:*		
pidgin.exe:4612	UDP	Skynet:51335	*:*		
pidgin.exe:4612	UDP	Skynet:51344	*:*		
pidgin.exe:4612	UDP	Skynet:51345	*:*		
pidgin.exe:4612	UDP	Skynet:55440	*:*		
pidgin.exe:4612	UDP	Skynet:55441	*:*		
pidgin.exe:4612	UDP	Skynet:58256	*:*		
pidgin.exe:4612	UDP	Skynet:58257	*:*		
pidgin.exe:4612	UDP	Skynet:59283	*:*		
pidgin.exe:4612	UDP	Skynet:59284	*:*		
pidgin.exe:4612	UDP	Skynet:59287	*:*		
pidgin.exe:4612	UDP	Skynet:59288	*:*		
pidgin.exe:4612	UDP	Skynet:59325	*:*		
pidgin.exe:4612	UDP	Skynet:59326	*:*		
pidgin.exe:4612	UDP	Skynet:59329	*:*		
pidgin.exe:4612	UDP	Skynet:59330	*:*		
pidgin.exe:4612	UDP	Skynet:59333	*:*		
pidgin.exe:4612	UDP	Skynet:59334	*:*		
pidgin.exe:4612	UDP	Skynet:64033	*:*		
pidgin.exe:4612	UDP	Skynet:64034	*:*		
PnkBstrA.exe:2132	UDP	Skynet:44301	*:*		
PnkBstrB.exe:2156	UDP	Skynet:45301	*:*		
services.exe:652	TCP	Skynet:49162	Skynet:0	LISTENING	
services.exe:652	TCPV6	skynet:49162	skynet:0	LISTENING	
Skype.exe:3120	TCP	Skynet:http	Skynet:0	LISTENING	
Skype.exe:3120	TCP	Skynet:https	Skynet:0	LISTENING	
Skype.exe:3120	TCP	Skynet:33173	Skynet:0	LISTENING	
Skype.exe:3120	TCP	skynet.ubc.ca.:49603	d207-6-77-200.bchsia.telus.net:31406	ESTABLISHED	
Skype.exe:3120	UDP	Skynet:https	*:*		
Skype.exe:3120	UDP	Skynet:33173	*:*		
Skype.exe:3120	UDP	Skynet:56415	*:*		
Steam.exe:3420	UDP	Skynet:53183	*:*		
Steam.exe:3420	UDP	Skynet:59371	*:*		
svchost.exe:1120	UDP	Skynet:llmnr	*:*		
svchost.exe:1120	UDPV6	skynet:5355	*:*		
svchost.exe:2168	TCP	Skynet:49156	Skynet:0	LISTENING	
svchost.exe:2168	TCPV6	skynet:49156	skynet:0	LISTENING	
svchost.exe:248	TCP	Skynet:49154	Skynet:0	LISTENING	
svchost.exe:248	UDP	Skynet:isakmp	*:*		
svchost.exe:248	UDP	Skynet:ipsec-msft	*:*		
svchost.exe:248	UDP	Skynet:63413	*:*		
svchost.exe:248	UDP	Skynet:63414	*:*		
svchost.exe:248	TCPV6	skynet:49154	skynet:0	LISTENING	
svchost.exe:248	UDPV6	skynet:500	*:*		
svchost.exe:608	UDP	Skynet:ntp	*:*		
svchost.exe:608	UDP	skynet:ssdp	*:*		
svchost.exe:608	UDP	Skynet:ssdp	*:*		
svchost.exe:608	UDP	skynet.ubc.ca.:ssdp	*:*		
svchost.exe:608	UDP	Skynet:3702	*:*		
svchost.exe:608	UDP	Skynet:3702	*:*		
svchost.exe:608	UDP	skynet.ubc.ca.:54773	*:*		
svchost.exe:608	UDP	skynet:54774	*:*		
svchost.exe:608	UDP	Skynet:54775	*:*		
svchost.exe:608	UDP	Skynet:58619	*:*		
svchost.exe:608	UDPV6	skynet:123	*:*		
svchost.exe:608	UDPV6	[0:0:0:0:0:0:0:1]:1900	*:*		
svchost.exe:608	UDPV6	[fe80:0:0:0:0:100:7f:fffe]:1900	*:*		
svchost.exe:608	UDPV6	[fe80:0:0:0:7913:be2d:9ca1:7ed1]:1900	*:*		
svchost.exe:608	UDPV6	[fe80:0:0:0:d9a7:2c:d718:5089]:1900	*:*		
svchost.exe:608	UDPV6	skynet:3702	*:*		
svchost.exe:608	UDPV6	skynet:3702	*:*		
svchost.exe:608	UDPV6	[fe80:0:0:0:d9a7:2c:d718:5089]:54769	*:*		
svchost.exe:608	UDPV6	[fe80:0:0:0:7913:be2d:9ca1:7ed1]:54770	*:*		
svchost.exe:608	UDPV6	[0:0:0:0:0:0:0:1]:54771	*:*		
svchost.exe:608	UDPV6	[fe80:0:0:0:0:100:7f:fffe]:54772	*:*		
svchost.exe:608	UDPV6	skynet:58620	*:*		
svchost.exe:900	TCP	Skynet:epmap	Skynet:0	LISTENING	
svchost.exe:900	TCPV6	skynet:135	skynet:0	LISTENING	
svchost.exe:984	TCP	Skynet:49153	Skynet:0	LISTENING	
svchost.exe:984	TCPV6	skynet:49153	skynet:0	LISTENING	
System:4	TCP	skynet:netbios-ssn	Skynet:0	LISTENING	
System:4	TCP	skynet.ubc.ca.:netbios-ssn	Skynet:0	LISTENING	
System:4	TCP	Skynet:microsoft-ds	Skynet:0	LISTENING	
System:4	TCP	Skynet:icslap	Skynet:0	LISTENING	
System:4	TCP	Skynet:5357	Skynet:0	LISTENING	
System:4	UDP	skynet:netbios-ns	*:*		
System:4	UDP	skynet.ubc.ca.:netbios-ns	*:*		
System:4	UDP	skynet:netbios-dgm	*:*		
System:4	UDP	skynet.ubc.ca.:netbios-dgm	*:*		
System:4	TCPV6	skynet:445	skynet:0	LISTENING	
System:4	TCPV6	skynet:2869	skynet:0	LISTENING	
System:4	TCPV6	skynet:5357	skynet:0	LISTENING	
wininit.exe:596	TCP	Skynet:49152	Skynet:0	LISTENING	
wininit.exe:596	TCPV6	skynet:49152	skynet:0	LISTENING

This is what my system looks like normally, I guess. That isn't too bad. I'll post the report once I get capped for having too many connections and then maybe we can pick out what processes shouldn't be there?

The Far Side · November 2009

http://docs.google.com/Doc?docid=0ARlyRy9ULxkLZGYzejR6cnJfMGRocTRuNnFm&hl=en

(linked because its too big to post)

This is apparently enough to get me over my cap! What the hell is this 'System Process 0'? I tried to end it through that program you gave me and it didn't seem to do anything :/

Penny Arcade

Quick Links

Excessive Connections issues

Posts